Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/FAs0j_dey3yogwr3cqf-sJk5_pk.roa
File:                     FAs0j_dey3yogwr3cqf-sJk5_pk.roa (raw, json)
Hash identifier:          f5etfxmCKfC1eZrhFZSOWy0l4Gzq/Iybov6wb1n5wiI=
Subject key identifier:   14:0B:34:8F:F7:5E:CB:7C:A8:83:0A:F7:72:A7:FE:B0:99:39:FE:99
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       018F7DB33E2161E24740DC90D19195BC5F71
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/FAs0j_dey3yogwr3cqf-sJk5_pk.roa
Signing time:             Wed 15 May 2024 19:20:49 +0000
ROA not before:           Wed 15 May 2024 19:20:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        212.46.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7d:b3:3e:21:61:e2:47:40:dc:90:d1:91:95:bc:5f:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 15 19:20:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=140b348ff75ecb7ca8830af772a7feb09939fe99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d7:5e:3c:50:01:e1:5f:54:bb:aa:59:3b:a2:
                    86:e7:4b:73:49:9e:d2:6c:e9:0d:d9:4d:a7:d6:be:
                    0e:19:de:8e:15:d3:35:cf:65:9e:93:bd:b0:66:09:
                    d1:ac:09:02:85:3a:79:c5:3d:41:19:db:f9:57:87:
                    ba:75:da:31:fb:5d:5c:aa:c4:52:d6:5c:16:f9:19:
                    ea:44:35:ff:8e:0a:5d:c8:f9:5f:d8:c4:90:41:64:
                    8b:39:6b:75:70:83:6b:f2:de:cc:33:b2:ae:66:2c:
                    bf:c0:10:1d:48:ec:2b:6b:f4:9b:2a:0b:da:f4:e3:
                    84:18:6c:69:bc:a3:29:29:77:91:d9:27:52:44:15:
                    eb:bd:a9:84:f9:b3:89:85:9e:4c:88:a8:c0:b5:23:
                    ba:46:bb:58:68:a2:cc:8f:1e:47:60:b6:02:e0:1c:
                    aa:2b:80:dd:dc:de:32:87:43:74:fb:c1:54:b2:93:
                    e0:65:ee:98:9f:63:47:e7:39:77:37:e6:f6:23:99:
                    df:ed:e8:78:0f:b5:df:61:61:dd:2a:12:e5:2f:64:
                    98:11:23:7c:23:cb:03:5a:c7:c1:a3:2b:6e:83:b9:
                    1f:8b:96:c5:06:de:31:80:b9:a4:6d:5c:ad:d7:a0:
                    ba:19:f5:9d:8e:d3:d0:69:7b:08:61:28:e4:ae:22:
                    2d:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:0B:34:8F:F7:5E:CB:7C:A8:83:0A:F7:72:A7:FE:B0:99:39:FE:99
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/FAs0j_dey3yogwr3cqf-sJk5_pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.46.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:1b:c3:ce:d4:d0:0d:71:2d:73:84:6d:e7:9d:22:31:e8:2d:
         7d:15:f5:f0:b8:19:cd:9b:fa:e4:5c:c5:3b:71:7b:e7:cc:78:
         bb:51:78:cc:a5:e8:4c:e9:ae:1f:c6:df:12:f9:af:99:7a:0a:
         b4:15:b9:9e:24:39:02:f7:80:b2:12:7f:cc:1c:61:04:ed:6b:
         e7:46:fe:f1:cf:4c:fe:c7:b8:d8:af:b9:9b:26:d8:36:31:65:
         38:59:1e:f3:2d:60:a6:01:bc:f9:f0:40:b1:08:94:b4:f4:6e:
         6b:53:50:e4:12:a6:1b:83:30:89:bb:db:20:e5:84:fb:89:48:
         ad:26:98:45:13:e7:2b:67:ca:ff:1b:1a:40:44:7a:5f:51:89:
         bd:7e:7c:f7:7a:31:66:59:d0:92:31:95:51:6c:93:03:ae:74:
         f1:a2:38:28:19:92:6f:b2:27:86:45:28:ad:99:fd:e3:7b:e7:
         54:c0:0a:38:56:0d:47:77:5f:9b:77:8c:f9:74:95:83:f6:5a:
         dc:b7:ec:e3:d0:23:46:84:77:f6:f6:96:23:c5:13:e4:fb:7f:
         c0:e8:9c:f5:ba:4e:59:d9:47:20:95:e1:1c:e9:cc:99:51:c5:
         04:57:c3:86:12:8c:ac:bc:21:30:75:77:55:c1:4f:2b:22:d5:
         dc:15:fd:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY99sz4hYeJHQNyQ0ZGVvF9xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjQwNTE1MTkyMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDBiMzQ4ZmY3NWVjYjdjYTg4MzBhZjc3MmE3ZmViMDk5MzlmZTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNdePFAB4V9Uu6pZO6KG50tzSZ7S
bOkN2U2n1r4OGd6OFdM1z2Wek72wZgnRrAkChTp5xT1BGdv5V4e6ddox+11cqsRS
1lwW+RnqRDX/jgpdyPlf2MSQQWSLOWt1cINr8t7MM7KuZiy/wBAdSOwra/SbKgva
9OOEGGxpvKMpKXeR2SdSRBXrvamE+bOJhZ5MiKjAtSO6RrtYaKLMjx5HYLYC4Byq
K4Dd3N4yh0N0+8FUspPgZe6Yn2NH5zl3N+b2I5nf7eh4D7XfYWHdKhLlL2SYESN8
I8sDWsfBoytug7kfi5bFBt4xgLmkbVyt16C6GfWdjtPQaXsIYSjkriItowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBQLNI/3Xst8qIMK93Kn/rCZOf6ZMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvRkFzMGpfZGV5M3lvZ3dyM2NxZi1zSms1X3BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1C4qMA0G
CSqGSIb3DQEBCwUAA4IBAQBJG8PO1NANcS1zhG3nnSIx6C19FfXwuBnNm/rkXMU7
cXvnzHi7UXjMpehM6a4fxt8S+a+Zegq0FbmeJDkC94CyEn/MHGEE7WvnRv7xz0z+
x7jYr7mbJtg2MWU4WR7zLWCmAbz58ECxCJS09G5rU1DkEqYbgzCJu9sg5YT7iUit
JphFE+crZ8r/GxpARHpfUYm9fnz3ejFmWdCSMZVRbJMDrnTxojgoGZJvsieGRSit
mf3je+dUwAo4Vg1Hd1+bd4z5dJWD9lrct+zj0CNGhHf29pYjxRPk+3/A6Jz1uk5Z
2UcgleEc6cyZUcUEV8OGEoysvCEwdXdVwU8rItXcFf2D
-----END CERTIFICATE-----